CWE 587

Assignment of a Fixed Address to a Pointer

Weakness ID: 587 (Weakness Base)

Status: Draft

Description

Description Summary

The software sets a pointer to a specific address other than NULL or 0.

Extended Description

Using a fixed address is not portable because that address will probably not be valid in all environments or platforms.

Time of Introduction

Applicable Platforms

Languages

C++

Assembly

Common Consequences

Scope	Effect
Integrity	If one executes code at a known location, an attacker might be able to inject code there beforehand.
Availability	If the code is ported to another platform or environment, the pointer is likely to be invalid and cause a crash.
Confidentiality	The data at a known pointer location can be easily read or influenced by an attacker.

Demonstrative Examples

Example 1

(Bad Code)

Example Language: C

int (*pt2Function) (float, char, char)=0x08040000;

int result2 = (*pt2Function) (12, 'a', 'b');

// Here we can inject code to execute.

Potential Mitigations

Phase: Implementation

Never set a pointer to a fixed address.

Weakness Ordinalities

Ordinality	Description
Primary	(where the weakness exists independent of other weaknesses)

Relationships

Nature	Type	ID	Name	View(s) this relationship pertains to
ChildOf	Weakness Base	344	Use of Invariant Value in Dynamically Changing Context	Research Concepts (primary)1000
ChildOf	Category	465	Pointer Issues	Development Concepts (primary)699
ChildOf	Category	738	CERT C Secure Coding Section 04 - Integers (INT)	Weaknesses Addressed by the CERT C Secure Coding Standard (primary)734
ChildOf	Weakness Class	758	Reliance on Undefined, Unspecified, or Implementation-Defined Behavior	Research Concepts1000

Taxonomy Mappings

Mapped Taxonomy Name	Node ID	Fit	Mapped Node Name
CERT C Secure Coding	INT11-C		Take care when converting from pointer to integer or integer to pointer

White Box Definitions

A weakness where code path has:

1. end statement that assigns an address to a pointer

2. start statement that defines the address and the address is a literal value

Content History

Modifications
Modification Date	Modifier	Organization	Source
2008-07-01	Eric Dalci	Cigital	External
2008-07-01	updated Time of Introduction
2008-08-01		KDM Analytics	External
2008-08-01	added/updated white box definitions
2008-09-08	CWE Content Team	MITRE	Internal
2008-09-08	updated Applicable Platforms, Description, Relationships, Other Notes, Weakness Ordinalities
2008-11-24	CWE Content Team	MITRE	Internal
2008-11-24	updated Relationships, Taxonomy Mappings
2009-03-10	CWE Content Team	MITRE	Internal
2009-03-10	updated Relationships
2009-07-27	CWE Content Team	MITRE	Internal
2009-07-27	updated Common Consequences, Description, Other Notes